07.05.2020

Covid-19 - Homeworkers and Protecting your Business

 Show Interest

Covid-19 - Homeworkers and Protecting your…

 Show Interest

As the current crisis has evolved, it’s become clear that homeworking is likely to remain the preferred advice for months to come, there are numerous stories of how businesses have benefitted, add to that the related economic and ecological benefits of meetings by zoom (especially client meetings), it’s safe to forecast that the landscape has changed permanently. Please see the offer of free support towards the end of the article.

 So whilst this article is written from a Data Protection/GDPR angle, bar a couple of areas, the contents are more of a common sense approach to protecting your business generally.

 1. Approach

Within the privacy sector we work from a basis of Risk & Policy. Without understanding risks and their implications, it’s difficult to prioritise and action safeguards. By updating or creating a policy document around home working and using their own devices (where necessary and appropriate) you provide your staff with clearly written instruction on working from home, which essentially involves a large element of trust, and probably processing a lot of data that is very sensitive for your business (and your clients).

 2. Assess

Understanding the risk involves consideration of a variety of factors – the type of data (especially if you process special category formerly called sensitive data), whether employees are using their own devices and if so who has access to these devices? the method of connection (is it secure)? what do staff do if they cause or encounter a breach? Are the devices secure (patching/updates, virus protection etc), what controls exist around saving data (could it be unnecessarily replicated? Is it stored locally?), dependent on your existing practices and policies if you are changing the way of working, it is likely a risk assessment in the form of a DPIA (data protection impact assessment) should be completed.

 3. Engage the experts

The obvious area will be IT (whether internally or externally supported), however HR, data protection, cyber experts may also be involved. Our sector we always encourages us to defer to experts in the relevant fields and best demonstrated via your IT partner/department being most likely to be most aware of the industry best practices and new developments. Obviously, I’m going to advise that your data protection expert (internal/consultant) is key to this for the same reasons. Also speak to the people who are most likely to be aware of any issues, your staff. These people will be expected to follow the policies, and are the people who can provide the most valuable insight to what actually happens. Your HR expert (alongside GDPR consultants) can also advise around how to handle staff health data, especially if you are planning to monitor staff of Covid infection. It’s a complicated area of law that differs from country to country*. Your marketing team may want to re-assure clients about their data being accessed in a home working environment.

4. Update/Create Policies

Using the guidance from these experts, update or create the relevant policies, ensuring they are designed to be easy to follow. Don’t forget about related policies (Breach policy? Business Continuity Plan, Access Control, Data collection etc) – do your staff know who to contact in the event of a breach? The immediate aftermath of any breach is the critical time to minimise the impact.

5. Training

Once policies have been updated, it is essential to ensure staff understand what is required, any change in practice is likely to require explanation and more important employee buy-in. It may be advisable to find a sponsor within each team; video conferences offer an ideal vehicle to train staff. Training should be regular and supported with reminders, whether that be regular emails or visual reminders to place in and around the working environment.

6. Processors

It will be important to check any businesses who process on your behalf (processors) have implemented the relevant checks and policies. GDPR places the responsibility on you to ensure your processors are treating personal data securely and you should have a written agreement for processing of personal data.

 7. Related Privacy Issues

The crisis doesn’t mean you can forget about other GDPR related obligations. Whilst the regulator (ICO) action doesn’t often make the front page, please don’t imagine it isn’t happening, there are numerous examples of action against small businesses. Additionally, having the ICO lean over your shoulder isn’t recommended or invited. Reputation is likely to be a bigger risk to your business than any potential fines. You will need to ensure you respond to Subject Access Requests and any other requests relating to subject rights in a timely manner. This may involve a further change in your policy documents and shouldn’t be forgotten.

If you need any help around policies, risk assessments or anything GDPR related, I’m here to help. I’m also offering a free zoom consultation around making sure your Privacy Notice is fit for purpose and answer any data protection related questions you have. Your Privacy Notice tells the whole world how (and if) you have a considered approach to data protection .

 The above is not designed to make you compliant (by any stretch), but to reduce the unquestioned risk attached to having a workforce working from home whether in part or in a majority.

 * I have an infographic created by an International law firm around employee health data if required

 

 

 

  • Security
  • Data Protection
  • Privacy
  • home working
  • covid 19

The Compliance Consultancy have been helping businesses with data protection from well before GDPR became law in 2018. I have the CIPP/E qualification which is an accreditation from the International…

Employment & HR

Identify and Measure Your Candidates'​ Soft Skills : Our...

What are ‘soft skills’ and why do they matter, you may ask. Let me ask you a different question; how is it possible for…
Employment & HR

“What technology is essential to be adopted by the HR to...

This is an attempt to put together IT solutions, which have been developed to holistically serve the HR…
Marketing & PR

SEO Explained and Why Your Business Needs It!

Are you passionate about making your business a success online? Are you looking to gain more enquiries/sales? Then…

More Articles

Retail & Services

A time for rebooting US

A quick post at the end of the week to say "well done" to each and every one of us.  I guess that whether you feel…
Financial Services

The Price of Government Support During COVID 19

Most people would applaud the UK Government's willingness to step in and assist the business community with the various…
Retail & Services

Looking after our pennies and our planet

Most people in the world would love to have more money in their lives.  There are a growing number of people who are…

Would you like to promote an article ?

Post articles and opinions on Manchester Professionals to attract new clients and referrals. Feature in newsletters.
Join for free today and upload your articles for new contacts to read and enquire further.

Find the right professionals in Manchester

View The Full Index

Search By:

Submit your Enquiry here

Enquiry Details

Contact Details